BBM Protected walkthrough and hands-on with Jeff Gadway

As part of the BlackBerry Security Summit held in NYC, we got to catch up with Jeff Gadway from the BBM Product Marketing team to learn more about BBM Protected, how it works and what to expect in future updates to the secure enterprise messaging service. If you're not familiar with BBM Protected, it provides an enhanced security model for BBM messages sent between BlackBerry smartphones and is the only secure mobile instant messaging app that uses a FIPS 140-2 validated cryptographic library.

When BBM Protected was initially launched last month, it was targeted only at EMM Regulated Work Space in Corporate-Owned, Business-Only (COBO) deployments, which also required a BlackBerry Enterprise Server Gold Client Access License. The next phase, though, will enable BBM Protected on Corporate-Owned, Personally Enabled (COPE) deployments with BlackBerry Balance enabled, including BES10 Cloud. Once that is complete, BBM Protected will be rolled out in the fall to iOS and Android devices through Secure Work Space.

Needless to say, BlackBerry is working hard on BBM Protected and ensuring anyone who has increased security needs has access to the messaging service through their enterprise offerings. Hit play on the video above to learn more and see how it all works between devices.

Reader comments

I'm liking the passphrase being sent out of band ... seems a LOT less secure and a failure to even begin. It may not be less secure to initiate but it's all in the perception. This seriously needs to be changed.

No one can seem to answer my question yet. I get that this adds another wrapper of encryption to my BBM. But what I really want to know is: are these messages still sent through BlackBerry servers and just the content of the message is now encrypted? Because if my message is 100% encrypted then there is no way for BlackBerry servers to know who it is for. The envelope for the message I would assume will still have to be in the open for BlackBerry to see. If so, BlackBerry can still hand over information of who and when you were BBMing someone and only the blobs of encrypted text in those messages. So really the NSA or whomever will only need to know your passphrase to unencrypt those messages they see are to an important suspect, and unless you speak it verbally to them, SMS and email are all monitored so it would not be difficult to find the passphrase you sent, then apply that to the messages, and it's just one more step for them to read your messages? Can someone that knows answer how this works?

I get how it works at the 30,000 foot level; I am asking about the 10,000 foot level. Everything they are talking about is all marketing stuff, I want to know the details of how it works as a Network / BES administrator. If someone intercepted the passphrase what can they do with it? I am assuming it's just an ID of sorts to prove the other end is who they say they are before exchanging the large keys that encrypt everything. After the keys are exchanged is the passphrase at that point useless to anyone?

And to my other question: does this still go through BlackBerry's servers? If so it's still not private, kind of like encrypting an email: it still has to transport through the internet MTAs so all the headers can't be encrypted, so anyone can still see who you talked to and when but not what you said... Is this the same for BlackBerry with this new service or will it be queued on the device and do end to end transport through a secure tunnel only? If so the only thing this does is stop BlackBerry from viewing the message.

I feel like naming it 'BBM Protected' makes regular BBM feel _less_ protected. Hypothetically speaking as someone who knows about BBM and BBM Protect, and doesn't know the difference, I may now move to another messaging service since BBM feels on par with other IM software since it's not 'protected'. My two cents.

I agree with some of the other comments here. We shouldn't be in the mindset that non-enterprise conversations aren't important enough to be protected. All conversations should be protected. There may come a time when anything can be used against someone, and also making it easy for authorities to read our messages at will just supports a world where nothing is private. This is not okay. I think these features should be offered to consumers. Even if they cost more I would be willing to pay a bit.

I also agree with the other members that a couple of comments in the secusmart video and this video downplayed the importance of the products being displayed. They were also a slap in the face for the people who kindly took the time to give us a walk through. Maybe crackberry can get it right in Washington with some prepared questions around how this can relate to consumers and a bit more enthusiasm.

It's clear to see the loss of enthusiasm specifically towards the end of this video. Hey Kevin maybe just a bit more oversight can help eliminate situations like that from recurring. I know it may be tedious to operate in such a manner but it's important CrackBerry doesn't fall to the saying "the higher the monkey climbs, it's the more it becomes exposed."

I was expecting a little more information too and not the personal use of Adam :-).

- Will this service be available for the non-BES users?
- When will the service be available for the BES Cloud organizations?
- Is the level of encryption keys like the PGP? And what level 1024/2048/4096?

I also want security in my phone!! Does it all mean that BlackBerry users are very unsecure at all? I want my BBM to be secure! Bad feeling for me actually, I hope BlackBerry doesn't focus so much on the business world and forget the rest of users...

BBM (consumer grade) is already the most secure consumer messaging platform having two levels of encryption built in, so you are already using the best thing available to you. eBBM has the extra AES256 level encryption with a unique key applied to each message individually for a far more robust secure communications channel. Plus it has message archiving for compliance in corporate communications standards. But this comes at a price few consumers would be interested in or require.

I am always dazed to see how people promptly give up their right to privacy:
at 3.42 "if people intercept our chat it's no big deal"...
Sorry to disagree but it's truly a big deal and we should have an instinctive reaction of defence to anything coming close to our privacy: for example even if I certainly don't need that encryption layer I would certainly not decide it because of the importance of what might be intercepted, as nothing should be intercepted (except when a judge decided to put you on wire).
It will always be better to have the choice to use an additional layer of encryption, choose your degree of privacy, don't let the "if you have nothing to hide then you have nothing to be scared of" policy (you never know what the future has in store for you and with all the data they collect on you "guilty" could be only a political twitch away)

Awesome. I love that BlackBerry is attacking the security issues present in the currently compromised climate head-on. They are poised to become the most important, secure phone on the planet. It's only a matter of time before the public demands the features that define BlackBerry and BB10.

Jeff Gadway, I've been hoping to contact you with a bbm feature that I've discovered and am hoping to speak to you or someone on your team about this. It would be for law enforcement and military applications only.

I've tried calling BlackBerry and a few other methods but all have yielded negative results.

I'm a pro BlackBerry user and feel that what I've discovered will prove extremely beneficial.

I wanted to state a few things. I would like to see this level of security come to the consumer. I understand that enterprise customers require this. Are our BB's really that secure without enterprise? I'm not too really sure... I want to protect my BBM's like this between myself and other friends, I want encrypted phone calls as well even if I have to pay for a premium. Bring this level of security to your consumers as well...

Adam, you do a class act! To top that, you even forgot where you were, subtle way to say that you really don't care. Wonder how Jeff Gadway calls you his friend!

As financial analysts are now expected to disclose if they have taken a position on a particular stock, I wonder if time has come for you folks in the media, especially Crackberry, to indicate if you have been compensated in any way (material or otherwise) to show Blackberry in bad light.

Heavy duty secure (each message has its own encryption key, so even if you manage to brute force decrypt one, you have to do the same for the next one from scratch), yet message history archived for compliance with corporate communications regulations. Off the shelf convenient non-email corporate communications. Takes the email service providers out of the security loop.

Love the idea of BBM protected and definitely want in on it. That said, I am very new to BES, both self hosted and cloud; is there anyone out there that can give a relatively succinct and quick rundown of what would be required of me, one consumer, to set this up for myself and my friends?

Two levels of encryption in which BlackBerry held the keys. This includes a third 256 AES level in which the BES server provides a key for each individual message, so BlackBerry holds no back door into the communication.

Yes, eBBM is actually a suite of enhanced security messaging products that BlackBerry is working on for the enterprise. BBM protected is just one app within this suite and it seems like they have the implementation down pretty elegantly.

Exactly!!! I was hoping that was the question that would be asked. I'd love to have the option of having the protected version of bbm with some of my contacts. Heck, if they had a premium bbm subscription service I'd consider the investment.

Having heard this and the secusmart video, my reading further into this is that this is some messaging that BB is instructing these guys to use when presenting the features. Since they are being marketed to corporations, you don't really want the CB guys asking how they could get that same security on their personal devices if the product isn't there yet.

It's really early for a lot of these features. I think in time, these will be available for personal BES12 Cloud deployments. If you could pay $50 per year for a personal BES12 cloud to have access to these features, would it be worthwhile? If they can figure out a way to market it and made this protected chat and secusmart calling "software version" a part of the eBBM suite, that would be pretty attractive for the security-minded.

I understand the arguments you state concern the point of view of BlackBerry the company.
But i they do have PR and will do videos targeted at corporations.

The point of view of the CrackBerry user is completely different. Most of us aren't using a BES so it feels something is missing in the interview because that question was not asked.
Even if we know the probable answer.

Maybe BlackBerry specifically said "no interview if you ask that question" but I doubt it.
